# https://docs.openshift.com/container-platform/3.11/rest_api/oapi/v1.DeploymentConfig.html#object-schema
apiVersion: v1
kind: DeploymentConfig
metadata:
  name: mts
  labels:
    service: mts
spec:
  replicas: 1
  selector:
    service: mts
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        service: mts
    spec:
      containers:
      - name: mts
        image:  image-registry.openshift-image-registry.svc:5000/message-tagging-service/message-tagging-service:latest
        env:
        # Please do remember to increase this config version after any config
        # file content is updated.
        # This is a workaround to trigger Openshift automatically to create a
        # new pod.
        - name: MTS_CONFIG_VERSION
          value: "1"
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: "mts-config"
          mountPath: /etc/mts/config.py
          subPath: config.py
          readOnly: true
        # Do not mount /etc/fedora-messaging to put the config file in order to
        # use cert files to connect broker provided by fedora-messaging
        # package.
        - name: "mts-fedora-messaging"
          mountPath: /etc/fedora-messaging/
          readOnly: true
        - name: "koji-conf"
{% if env == 'staging' %}
          mountPath: /etc/koji.conf.d/stg.conf
          subPath: stg.conf
{% else %}
          mountPath: /etc/koji.conf
          subPath: koji.conf
{% endif %}
          readOnly: true
        - name: "krb5-conf"
          mountPath: /etc/krb5.conf
          subPath: krb5.conf
          readOnly: true

        # Secret files

        - name: keytab
          mountPath: /etc/krb5.keytab
          subPath: krb5.keytab
          readOnly: true

        # Refer to playbooks/openshift-apps/message-tagging-service.yml to
        # learn the file names of cacert, certificate and private key.
        - name: fedora-messaging-ca
          mountPath: /etc/pki/fedora-messaging/mts.ca
          subPath: mts.ca
          readOnly: true
        - name: fedora-messaging-crt
          mountPath: /etc/pki/fedora-messaging/mts.crt
          subPath: mts.crt
          readOnly: true
        - name: fedora-messaging-key
          mountPath: /etc/pki/fedora-messaging/mts.key
          subPath: mts.key
          readOnly: true

        resources:
          requests:
            cpu: 500m
            memory: 128Mi
          limits:
            cpu: 2000m
            memory: 512Mi
        readinessProbe:
          timeoutSeconds: 1
          initialDelaySeconds: 5
          httpGet:
            path: /
            port: 8080
        livenessProbe:
          timeoutSeconds: 1
          initialDelaySeconds: 30
          httpGet:
            path: /
            port: 8080

      volumes:
      - name: "mts-config"
        configMap:
          name: "mts-config"
      - name: "mts-fedora-messaging"
        configMap:
          name: "mts-fedora-messaging"
      - name: "koji-conf"
        configMap:
          name: "koji-conf"
      - name: "krb5-conf"
        configMap:
          name: "krb5-conf"
      # Secret file volumes
      - name: keytab
        secret:
          secretName: keytab
      - name: fedora-messaging-ca
        secret:
          secretName: mts-fedora-messaging-ca
      - name: fedora-messaging-crt
        secret:
          secretName: mts-fedora-messaging-crt
      - name: fedora-messaging-key
        secret:
          secretName: mts-fedora-messaging-key

    triggers:
      - type: ConfigChange
      - type: ImageChange
        imageChangeParams:
          automatic: true
          containerNames:
          - "{{ app }}"
          from:
            kind: ImageStreamTag
            name: "message-tagging-service:latest"

# vim: ts=2 sw=2 autoindent
